I am constantly amazed at how easy it is to access most computers. I service computers for a living, and very often I get computers sent to me without passwords to log in with. Of course, I have a tool to remove passwords on administrator accounts so I can still service the equipment, but I rarely have to resort to it. The scary thing here is, if I can access an account with administrative rights by guessing the password when I am working on a unit, then anyone can do the same over a network like... the internet.
The first thing to check on your own computer is that you even have a password in place. If you turn on your computer and it goes right to your desktop without asking for a password... that’s not good. Click Start/Control Panel/Users (in XP), or go to Control Panel\User Accounts and Family Safety\User Accounts in Vista and Windows 7, select your account name and add a password.
A few tips for creating good passwords:
Do not use just words or names. There are scads of programs readily available on the internet that will run a complete dictionary in any language against your password in a matter of minutes.
Do not use sequential patterns like 1234, 2468, abcd or repetitive entries like 1111, aaaa, and avoid using phone numbers and date patterns as well (birthdays and anniversaries are commonly used but easily cracked).
Do create a password at least 7 characters long. If you still use XP and you’re paranoid, it should be at least 15 characters long so that LAN Manager won’t store it in the computer.
Do use different passwords on your important sites and change them on a regular basis, if not monthly then at least quarterly. There are several tools available to help you keep track of your passwords for all your locations. There’s a good Password Manager/Form Filler here that runs from a USB drive. It enters your logins for you, so the only password you need to remember is the one for the flash drive. It also travels easily between home and office.
Do use MiXed cAse LeTteRs, numbers and special characters (!#$?*}).
A good way to build a password is with a pass phrase like “Everybody loves an Oscar Mayer wiener.” If you’re my age that’s an easy phrase to remember. So now we just take the first letter of each word, “elaomw”. It isn’t in the dictionary... I checked ;o). Anyway, we may use standard convention and start the sentence with a capital and also capitalize the proper nouns, so now we have “ElaOMw”. If you like hotdogs you might use an “!” at the end of that. If you’re not a hotdog person you might use a “?”. You could change “Everybody” to “Everyone” or, for our purposes, “Every 1”, so you would have “E1laOMw!”, a good strong password that you can remember easily. You get the idea. Just pick a phrase and have fun with it. I will do a post soon for the paranoid on how to use non-standard and unprintable characters in passwords.
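The tips above can be turned into a quick self-check for a candidate password. The following is an added example, not part of the original post: the tiny word list is constructed for illustration (a real check would load a full dictionary), and the function names and the digit-for-letter substitution table are assumptions of this sketch.

```python
import re

# Constructed sample word list (assumption); load a real dictionary file in practice.
SAMPLE_WORDS = {"password", "owner", "administrator", "everybody", "hotdog", "wiener"}
# Dictionary tools also try common look-alike swaps, so undo them before the lookup.
LEET = str.maketrans("01345$@7", "oleassat")

def has_run(pw, length=4):
    """True if `length` characters in a row repeat (aaaa) or step evenly (1234, 2468, dcba)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - length + 1):
        window = codes[i:i + length]
        steps = {b - a for a, b in zip(window, window[1:])}
        if len(steps) == 1 and abs(steps.pop()) <= 2:
            return True
    return False

def check_password(pw, min_len=7):
    """Return the list of tips the password violates; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    normalized = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if pw.lower() in SAMPLE_WORDS or normalized in SAMPLE_WORDS:
        problems.append("dictionary word or name")
    if has_run(pw):
        problems.append("sequential or repetitive pattern")
    if re.fullmatch(r"[\d\-/. ()]+", pw):
        problems.append("looks like a phone number or date")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mixed case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(not c.isalnum() for c in pw):
        problems.append("no special character")
    return problems

def phrase_to_password(phrase, suffix="!"):
    """First character of each word, keeping the capitalisation used in the phrase."""
    return "".join(word[0] for word in phrase.split()) + suffix

if __name__ == "__main__":
    for candidate in ["", "password", "Passw0rd!", "12345678", "E1laOMw!"]:
        print(repr(candidate), check_password(candidate) or "OK")
```

Of the candidates in the demo loop, only the pass-phrase password comes back clean; “Passw0rd!” satisfies the length and character rules but is still caught as a dictionary word once the look-alike characters are undone.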
Finally, (for now), make sure that there is a real password on the “administrator” account. On some brands of computers “administrator” is disabled and replaced with “owner”. It’s amazing how many times I’ve had people call me to “unlock” their computer because they forgot their password and I could immediately log in as “administrator” or “owner” with either a blank password, or all lower case “password” and access everything. Needless to say, anyone trying to gain access into your computer knows about these too.